David Garlan

Carnegie Mellon University | CMU · School of Computer Science

PhD


451 Publications · 80,161 Reads · 29,697 Citations


Publications (451)
Article
Full-text available
The problem of mitigating uncertainty in self-adaptation has driven much of the research proposed in the area of software engineering for self-adaptive systems in the last decade. Although many solutions have already been proposed, most of them tend to tackle specific types, sources, and dimensions of uncertainty (e.g., in goals, resources, adaptat...
Article
Many self-adaptive systems benefit from human involvement and oversight, where a human operator can provide expertise not available to the system and detect problems that the system is unaware of. One way of achieving this synergy is by placing the human operator on the loop – i.e., providing supervisory oversight and intervening in the case of que...
Chapter
Today’s world is witnessing a shift from human-written software to machine-learned software, with the rise of systems that rely on machine learning. These systems typically operate in non-static environments, which are prone to unexpected changes, as is the case of self-driving cars and enterprise systems. In this context, machine-learned software...
Article
Full-text available
For realistic self-adaptive systems, multiple quality attributes need to be considered and traded off against each other. These quality attributes are commonly encoded in a utility function, for instance, a weighted sum of relevant objectives. Utility functions are typically subject to a set of constraints, i.e., hard requirements that should not b...
Article
Software-intensive systems are increasingly used to support tasks that are typically characterized by high degrees of uncertainty. The modeling notations employed to design, verify, and operate such systems have increasingly started to capture different types of uncertainty, so that they can be explicitly considered when systems are developed and d...
Chapter
It is becoming increasingly important for an autonomous system to be able to explain its actions to humans in order to improve trust and enhance human-machine collaboration. However, providing the most appropriate kind of explanations – in terms of length, format and presentation mode of explanations at the proper time – is critical to enhancing th...
Conference Paper
Full-text available
Explainability refers to the degree to which a software system’s actions or solutions can be understood by humans. Giving humans the right amount of explanation at the right time is an important factor in maximizing the effective collaboration between an adaptive system and humans during interaction. However, explanations come with costs, such as t...
Chapter
In software design, guaranteeing the correctness of run-time system behavior while achieving an acceptable balance among multiple quality attributes remains a challenging problem. Moreover, providing guarantees about the satisfaction of those requirements when systems are subject to uncertain environments is even more challenging. While recent deve...
Article
Full-text available
Context: The Robot Operating System (ROS) is the de-facto standard for robotics software. However, ROS-based systems are getting larger and more complex and could benefit from good software architecture practices. Goal: We aim at (i) unveiling the state-of-the-practice in terms of targeted quality attributes and architecture documentation in ROS-bas...
Chapter
[Context and motivation:] For realistic self-adaptive systems, multiple quality attributes need to be considered and traded off against each other. These quality attributes are commonly encoded in a utility function, for instance, a weighted sum of relevant objectives. [Question/problem:] The research agenda for requirements engineering for self-ad...
Preprint
[Context and motivation:] For realistic self-adaptive systems, multiple quality attributes need to be considered and traded off against each other. These quality attributes are commonly encoded in a utility function, for instance, a weighted sum of relevant objectives. [Question/problem:] The research agenda for requirements engineering for self-ad...
Chapter
Full-text available
Security attacks present unique challenges to self-adaptive system design due to the adversarial nature of the environment. Game theory approaches have been explored in security to model malicious behaviors and design reliable defense for the system in a mathematically grounded manner. However, modeling the system as a single player, as done in pri...
Article
Many software systems operate in environments of change and uncertainty. Techniques for self-adaptation allow these systems to automatically respond to environmental changes, yet they do not handle changes to the adaptive system itself, such as the addition or removal of adaptation tactics. Instead, changes in a self-adaptive system often require a...
Preprint
Full-text available
Many self-adaptive systems benefit from human involvement and oversight, where a human operator can provide expertise not available to the system and can detect problems that the system is unaware of. One way of achieving this is by placing the human operator on the loop, i.e., providing supervisory oversight and intervening in the case of question...
Preprint
End-users' trust in automated agents is important as automated decision-making and planning is increasingly used in many aspects of people's lives. In real-world applications of planning, multiple optimization objectives are often involved. Thus, planning agents' decisions can involve complex tradeoffs among competing objectives. It can be difficul...
Preprint
Full-text available
Two of the main paradigms used to build adaptive software employ different types of properties to capture relevant aspects of the system's run-time behavior. On the one hand, control systems consider properties that concern static aspects like stability, as well as dynamic properties that capture the transient evolution of variables such as settlin...
Conference Paper
Full-text available
Microservice application developers try to mitigate the impact of partial outages typically by implementing service-to-service interactions that use well-known resiliency patterns, such as Retry, Fail Fast, and Circuit Breaker. However, those resiliency patterns–as well as their available open-source implementations–are often documented informally,...
Article
Full-text available
A self-adaptive system can dynamically monitor and adapt its behavior to preserve or enhance its quality attributes under uncertain operating conditions. This article identifies key challenges for the development of microservice applications as self-adaptive systems, using a cloud-based intelligent video surveillance application as a motivating exa...
Preprint
Full-text available
A self-adaptive system can dynamically monitor and adapt its behavior to preserve or enhance its quality attributes under uncertain operating conditions. This article identifies key challenges for the development of microservice applications as self-adaptive systems, using a cloud-based intelligent video surveillance application as a motivating exa...
Conference Paper
Advanced persistent threats (APTs) are a particularly troubling challenge for software systems. The adversarial nature of the security domain, and APTs in particular, poses unresolved challenges to the design of self-* systems, such as how to defend against multiple types of attackers with different goals and capabilities. In this interaction, the...
Conference Paper
Full-text available
This paper presents Kubow, an extensible architecture-based self-adaptation service for cloud native applications. Kubow itself was implemented by customizing and extending the Rainbow self-adaptation framework with support for Docker containers and Kubernetes. The paper highlights Kubow's architecture and main design decisions, and illustrates its...
Poster
Full-text available
Implementing a solution for a design decision that precisely satisfies the trade-off between quality attributes can be extremely challenging. Further, typically trade-offs are not represented as first-class entities in development artifacts. Hence, decisions might be suboptimal and lack requirements traceability as well as changeability. We propose...
Conference Paper
Full-text available
Implementing a solution for a design decision that precisely satisfies the trade-off between quality attributes can be extremely challenging. Further, typically quality attribute trade-offs are not represented as first-class entities in development artifacts. Hence, decisions might be sub-optimal and lack requirements traceability as well as change...
Preprint
Full-text available
Modern cyber-physical systems (e.g., robotics systems) are typically composed of physical and software components, the characteristics of which are likely to change over time. Assumptions about parts of the system made at design time may not hold at run time, especially when a system is deployed for long periods (e.g., over decades). Self-adaptatio...
Article
We are happy to introduce the "Building Long-Lived Adaptive Systems" theme issue of IEEE Software. This issue includes contributions from successful researchers and practitioners who work on constructing software that can continue to operate for years or even decades, adapting itself to changes in its ecosystem that may not have been envisaged by i...
Article
Mobile Multi-Robot Systems (MMRSs) are an emerging class of systems that are composed of a team of robots, various devices (like movable cameras, sensors) which collaborate with each other to accomplish defined missions. Moreover, these systems must operate in dynamic and potentially uncontrollable and unknown environments that might compromise the...
Article
Designing software in a way that guarantees run-time behavior while achieving an acceptable balance among multiple quality attributes is an open problem. Providing guarantees about the satisfaction of the same requirements under uncertain environments is even more challenging. Tools and techniques to inform engineers about poorly-understood design...
Preprint
Full-text available
Implementing a solution for a design decision that precisely satisfies the trade-off between quality attributes can be extremely challenging. Further, typically trade-offs are not represented as first-class entities in development artifacts. Hence, decisions might be suboptimal and lack requirements traceability as well as changeability. We propos...
Conference Paper
Full-text available
Why is it so difficult to build self-adaptive systems by reusing existing self-adaptation services and frameworks? In this paper, we argue that one possible explanation is that there is a fundamental mismatch between the adaptation needs of modern software systems, and the architectural models and adaptation mechanisms supported by current self-ada...
Article
Full-text available
Self-adaptation improves the resilience of software-intensive systems, enabling them to adapt their structure and behavior to run-time changes (e.g., in workload and resource availability). Many of these approaches reason about the best way of adapting by synthesizing adaptation plans online via planning or model checking tools. This method enables...
Conference Paper
Full-text available
Design and verification of modern systems requires diverse models, which often come from a variety of disciplines, and it is challenging to manage their heterogeneity – especially in the case of cyber-physical systems. To check consistency between models, recent approaches map these models to flexible static abstractions, such as architectural view...
Article
From the aspirational title of the 1968 NATO conference, software engineering has evolved to a well-defined engineering discipline with strong educational underpinnings. The supporting educational foundation has grown from a few courses in programming languages and data structures, evolving through structured programming, correctness formalisms, a...
Article
Adaptive systems are expected to adapt to unanticipated run-time events using imperfect information about themselves, their environment, and goals. This entails handling the effects of uncertainties in decision-making, which are not always considered as a first-class concern. This paper contributes a formal analysis technique that explicitly consid...
Conference Paper
Full-text available
Research in self-adaptive systems often uses web applications as target systems, running the actual software on real web servers. This approach has three drawbacks. First, these systems are not easy and/or cheap to deploy. Second, run-time conditions cannot be replicated exactly to compare different adaptation approaches due to uncontrolled factors...
Conference Paper
Full-text available
Self-adaptive systems depend on models of themselves and their environment to decide whether and how to adapt, but these models are often affected by uncertainty. While current adaptation decision approaches are able to model and reason about this uncertainty, they do not consider ways to reduce it. This presents an opportunity for improving decisi...
Conference Paper
Many software systems operate in environments where change and uncertainty are the rule, rather than exceptions. Techniques for self-adaptation allow these systems to automatically respond to environmental changes, yet they do not handle changes to the adaptive system itself, such as the addition or removal of adaptation tactics. Instead, changes i...
Conference Paper
Use of multi-objective probabilistic planning to synthesize behavior of CPSs can play an important role in engineering systems that must self-optimize for multiple quality objectives and operate under uncertainty. However, the reasoning behind automated planning is opaque to end-users. They may not understand why a particular behavior is generated,...
Article
Proactive latency-aware adaptation is an approach for self-adaptive systems that considers both the current and anticipated adaptation needs when making adaptation decisions, taking into account the latency of the available adaptation tactics. Since this is a problem of selecting adaptation actions in the context of the probabilistic behavior of th...
Conference Paper
System administrators are slowly coming to accept that nearly all systems are vulnerable and many should be assumed to be compromised. Rather than preventing all vulnerabilities in complex systems, the approach is changing to protecting systems under the assumption that they are already under attack. Administrators do not know all the latent vulner...
Chapter
Self-Adaptive systems are expected to adapt to unanticipated run-time events using imperfect information about their environment. This entails handling the effects of uncertainties in decision-making, which are not always considered as a first-class concern. This paper contributes a formal analysis technique that explicitly considers uncertainty in...
Conference Paper
Full-text available
Designing software subject to uncertainty in a way that provides guarantees about its run-time behavior while achieving an acceptable balance between multiple extra-functional properties is still an open problem. Tools and techniques to inform engineers about poorly-understood design spaces in the presence of uncertainty are needed. To tackle this...
Conference Paper
Across many domains, end-users need to compose computational elements into novel configurations to perform their day-to-day tasks. End-user composition is a common programming activity performed by such end-users to accomplish this composition task. While there have been many studies on end-user programming, we still need a better understanding of...
Conference Paper
Large software systems have to contend with a significant number of users who interact with different components of the system in various ways. The sequences of components that are used as part of an interaction define sets of behaviors that users have with the system. These can be large in number. Among these users, it is possible that there are s...
Conference Paper
Cyber-physical systems (CPSs) mix software, hardware, and physical aspects with equal importance. Typically, the use of models of such systems during run time has concentrated only on managing and controlling the cyber (software) aspects. However, to fully realize the goals of a CPS, physical models too have to be treated as first-class models. Thi...
Conference Paper
Software architecture modeling is important for analyzing system quality attributes, particularly security. However, such analyses often assume that the architecture is completely known in advance. In many modern domains, especially those that use plugin-based frameworks, it is not possible to have such a complete model because the software system...
Conference Paper
Run-time generation of adaptation plans is a powerful mechanism that helps a self-adaptive system to meet its goals in a dynamically changing environment. In the past, researchers have demonstrated successful use of various automated planning techniques to generate adaptation plans at run time. However, for a planning technique, there is often a tr...
Poster
Full-text available
A power model for hardware of the Turtlebot robot. This is the outcome of Amanda Rico’s Summer internship at CMU. This poster was presented at the BRASS PI meeting at Rice University in Houston, TX and the CMU REUSE session in Pittsburgh, PA.
Conference Paper
Planning in CPSs requires temporal reasoning to handle the dynamics of the environment, including human behavior, as well as temporal constraints on system goals and durations of actions that systems and human actors may take. The discrete abstraction of time in a state space planning should have a time sampling parameter value that satisfies some...
Conference Paper
Modern frameworks are required to be extendable as well as secure. However, these two qualities are often at odds. In this poster we describe an approach that uses a combination of static analysis and run-time management, based on software architecture models, that can improve security while maintaining framework extendability. We implement a proto...